What is GRC dependency modeling and mapping?

SAVE AS PDF

What is GRC dependency modeling and mapping?

Upstream and downstream relationships can be created between profiles to develop the
dependency map. The scoping of profiles is permitted in each of the GRC applications, but the GRC Workbench, which provides a visual
presentation of those dependencies, is only activated for use with Risk Management.

Figure 1. Dependency modeling and mapping

Dependency modeling

Dependency modeling ensures that an organization establishes a uniform definition of risk
across the enterprise. The dependency model defines what relationships are allowed between
different types of areas in the organization. This enables more effective risk normalization and
aggregation by allowing stakeholders to more effectively compare and contrast risk appetite and
exposure at various levels of the enterprise.

Creating a dependency model involves creating profile classes and defining how classes are
structured in relation to each other using the Roll up to field.

Dependency mapping

Once dependency modeling is complete, you can build out a dependency map to define how
different parts of the organization are related to each other. The dependency map represents
what profile relationships actually exist. For example, you could specify that certain projects
and business services could affect the HR department, which would in turn affect the
enterprise.

Defining the dependency map involves creating profiles, defining the profile class for each
profile, then relating profiles to each other by specifying the
upstream/downstream relationship.